Hacker News

A deep dive into Apple's .car file format

130 points by MrFinch, last Saturday at 12:18 PM, 46 comments

Comments

wzdd today at 11:12 AM

The fact that different parts of the file use different endiannesses really added that special Apple tech flavour.

jitl today at 9:40 AM

Claude is pretty good at turning (dis)assembly into Objective-C. i went exploring these systems looking for the secrets of glass icon rendering. i used ipsw to unpack all the class metadata in relevant system private frameworks. for each class, i extracted class header/interface, and an assembly file per method in the header. i wrote a ruby script to shell out to claude cli with a custom system prompt to give me readable-ish obj-c. It struggled with some patterns but with code as string-dispatch method-call-heavy as obj-c there’s lots of good hints for the ai.

i learned a lot about lldb debugging when i went spelunking through system service process memory. eventually i got too distracted learning about runtime introspection in Swift and obj-c and ended up building a dynamic object explorer/debugger instead of accomplishing my original goal. obj-c runtime dynamism is fascinating. it’s like, “what if we make C as dynamic as Ruby”. you can invent new classes at runtime, swap method implementations, create a new class that extends a specific existing object. you can even change what class an object is.

Swift is a lot less dynamic and a lot less introspectable at runtime :-( (there is a swift reflection api called Mirror but i struggled to do anything interesting with it)

jollyllama today at 2:19 PM

> Apple's .car file

> not related to Apple CarPlay

crandyboy today at 2:33 PM

Team manager at NeXT worked on the file format here, AMA

promiseofbeans today at 8:53 AM

This is cool work. However, the author claims the following:

> This knowledge could be useful for security research and building developer tools that does not rely on Xcode or Apple’s proprietary tools.

Yes it could be. But if you developed it for such altruistic purposes, why tease the code?

> I’m considering open-sourcing these tools, but no promises yet!

Maybe OOP is thinking of selling their reverse engineering tools? Seems like that’s still a proprietary tool, I’m just paying someone else for it

zombot today at 12:05 PM

> _QWORD *__fastcall

Is that WinDOS shit?

Anyway, compiling to WASM is smart. Apple can't kill your tools if they're not on the app store. And you don't have to pay Apple tax for giving access to a free tool. Cool project!

silvestrov today at 8:51 AM

Looks very much like a format that should just have been gzipped JSON.

Don't use binary formats when it isn't absolutely needed.

empiricus today at 9:18 AM

Idea: pass the decompiled code through a "please rename variables according to their purpose" step using a coding agent. Not ideal, but arguably better than v03, v20. And almost zero effort at this time and age.
